Sherman's Security Blog
I am Sherman Hand (also known as Policysup). I have created this blog and will use a part of my day to write about what is going on in the world. I hope to discuss things in a down-to-earth and practical way. I hope to hear back from you on your thoughts. I do not in any way intend to speak for my employer. The content of this blog will be either opinions that are strictly mine, general observations, reposts, or information that is already in the public domain.

If a user types the same Google password into a site that isn’t a Google sign-in page, the extension will generate a notice, alerting the user to reset his or her password or simply ignore the message.

“This protects you from phishing attacks and also encourages you to use different passwords for different sites, a security best practice,” wrote Drew Hintz, Google Security Engineer, and Justin Kosslyn at Google Ideas.
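A minimal sketch of the check described above, added here as an illustration and not taken from Google's extension. It assumes the password is remembered only as a salted HMAC plus its length and that `https://accounts.google.com` is the only trusted sign-in origin; the function names and sample URLs are hypothetical.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require('crypto');

// Assumption: the only origin treated as a genuine sign-in page.
const TRUSTED_ORIGINS = new Set(['https://accounts.google.com']);

const tagOf = (salt, text) => createHmac('sha256', salt).update(text).digest();

// Called once after a successful sign-in: keep a salted tag and the length,
// never the password itself.
function enrol(password) {
  const salt = randomBytes(16);
  return { salt, length: password.length, tag: tagOf(salt, password) };
}

function createWatcher(record) {
  let origin = null;
  let buffer = '';
  return {
    // Exact origin comparison: a look-alike host that merely starts with the
    // trusted name is not trusted. The buffer is cleared on every navigation.
    navigate(url) { origin = new URL(url).origin; buffer = ''; },
    // Returns true when the last `record.length` characters typed on an
    // untrusted origin match the enrolled password.
    keypress(ch) {
      buffer = (buffer + ch).slice(-record.length);
      if (TRUSTED_ORIGINS.has(origin) || buffer.length < record.length) return false;
      return timingSafeEqual(tagOf(record.salt, buffer), record.tag);
    },
  };
}

// Helper for the constructed sessions: type `text` on `url`, report any alert.
function typeInto(watcher, url, text) {
  watcher.navigate(url);
  let alerted = false;
  for (const ch of text) alerted = watcher.keypress(ch) || alerted;
  return alerted;
}
```

Because the comparison runs over a sliding window of the most recent keystrokes, the password is still caught when it is typed after other text in the same field.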

The extension is also available for Google for Work users, including Google Apps and Drive for Work.

Hintz and Kosslyn added that this feature would help spot malicious attackers attempting to access employee accounts. Administrators can install the extension for all users in their domain, enable password alert auditing, send email alerts, and force end users to change their Google password if it is entered into a non-trusted website.

The release of the tech giant’s new plugin comes after findings from multiple studies demonstrating that phishing continues to be leveraged as a tried-and-true tactic for attackers to gain unauthorized access.

As Google noted:

The most effective phishing attacks can succeed 45 percent of the time;

Nearly 2 percent of messages to Gmail are designed to trick people into giving up their passwords;

Various services across the web send millions upon millions of phishing emails, every day.